<?php
defined('IN_YuLin') || exit('NO PERMIT!');
UserLogin(U($m.'/'.$c.'/'.$a));
$uid       = $_SESSION['uid'];
$userTable = Table('user');
// 获取用户信息，检查是否有设置安全码
$safeCheckSql = 'SELECT id, safepwd, safe_question FROM ' . $userTable . ' WHERE id = ' . $uid . ' AND safepwd !=""';
$safeInfo     = $db->getrow($safeCheckSql);
// 检查安全设置项，方便前台星级评分
$defaultSafeLv = 1;
if ($safeInfo['safepwd']) $defaultSafeLv++;
if ($safeInfo['safe_question']) $defaultSafeLv++;
// 展示页面
$page         = '';
if (IS_POST){
    $pwd      = NoBadStr($_REQUEST['safepwd']);
    $pwdAgain = NoBadStr($_REQUEST['safepwd_again']);
    switch ($_POST['operation']){
        case 'setsafe':
            // 获取设置的安全码
            if($pwd != $pwdAgain){
                AjaxReturn(['error'=>'1','msg'=>'请求数据错误']);
                return;
            }
            $data   = array('safepwd' => $pwd);
            // 设置安全码
            $setSql = 'UPDATE ' . $userTable . ' SET ' . CreateUpdateSql($data) . ' WHERE id = ' . $uid;
            $flag   = $db->exec($setSql);
            if ($flag){
                $flag = true;
                $msg  = '操作成功';
            }else{
                $flag = false;
                $msg  = '操作失败';
            }
            $page = 'member/security_savepwd_end';
            break;
        case 'verifysafe':
            if ($pwd == $safeInfo['safepwd']){
                // 验证通过准备进入设置页面
                $page = 'member/securityReSafePwd';
            }else{
                // 回到设置界面
                $verifyError = true;
                $page = 'member/securityVerifyPwd';
            }
            break;
        case 'upd':
            break;
        case 'setQuestion':
            // 验证safepwd（如果有设置安全码
            $pwd     = NoBadStr($_REQUEST['safepwd']);
            if($safeInfo['safepwd'] && $pwd != $safeInfo['safepwd']){
//                 AjaxReturn(['error'=>'1','msg'=>'安全码验证失败']);
                $flag = false;
                $msg  = '安全码验证失败';
                $page = 'member/security_question_end';
                break;
            }
            $quesData = array(
                'question1' => NoBadStr($_REQUEST['question1']),
                'answer1'   => NoBadStr($_REQUEST['answer1']),
                'question2' => NoBadStr($_REQUEST['question2']),
                'answer2'   => NoBadStr($_REQUEST['answer2']),
                'question3' => NoBadStr($_REQUEST['question3']),
                'answer3'   => NoBadStr($_REQUEST['answer3']),
            );
            // 序列化保存
            $questionStr     = serialize($quesData);
            $setQuestionSql = 'UPDATE ' . $userTable . ' SET safe_question = "' . addslashes($questionStr) . '" WHERE id = ' . $uid;
            $flag           = $db->exec($setQuestionSql);
            if ($flag){
                $flag = true;
                $msg  = '操作成功';
            }else{
                $flag = false;
                $msg  = '操作失败';
            }
            $page = 'member/security_question_end';
            break;
    }
    $tpl->display($page);
    return;
}

switch ($a){
    case 'setSafePwd':
        if ($safeInfo){
            $page = 'member/securityVerifyPwd';
        }else{
            $page = 'member/securitySafePwd';
        }
        break;
    case 'verifyPwd':
        break;
    case 'setQuestion':
        $page = 'member/securityQuestion';
        break;
    default:
        $page = 'member/securityCenter';
        break;
}

$tpl->display($page);

?>